Services for delivering various types of software data (hereinafter referred to as “content”), such as music data, image data, and game programs, by communication via the Internet or satellites, or via various cable or wireless communication networks, become increasingly widespread. Distribution of content via storage media, such as DVDs, CDs, and memory cards, becomes also extensively widespread. Such distributed content is played back and used in TVs, PCs (Personal Computers), dedicated playback devices, or game machines, owned by users.
The content distributed via communication networks is received by, for example, set-top boxes provided with a communication function, is converted into data that can be played back in TVs or playback devices, and is then played back. Alternatively, the content is received by TVs, playback devices, game machines, or information devices, such as PCs, provided with a communication interface, and is played back.
Generally, in many types of software content, such as game programs, music data, and image data, the distribution rights are possessed by the creators and sellers of the content. In distributing the content, therefore, measures are taken against illegal copying by providing certain usage restrictions, i.e., by allowing use of the software only to authorized users, while considering security.
One technique for imposing usage restrictions on users is to encrypt the distributed content. For example, when distributing content that requires copyright protection via satellite communication or Internet communication, or when distributing content stored in media, such as DVDs, the content is encrypted, and is then distributed or stored, and a decryption key that can be used for decrypting the content is distributed only to authorized users. The authorized users decrypt the encrypted content by using the distributed decryption key so as to play back the content.
Encrypted data can be decrypted into the original data (plaintext) by performing decryption processing using a decryption key. Data encryption/decryption methods using an encryption key for data encryption processing and using a decryption key for decryption processing are well known.
There are various types of data encryption/decryption methods using an encryption key and a decryption key. An example of such methods is a so-called “common key cryptosystem”. In the common key cryptosystem, a common key is used as an encryption key for data encryption processing and as a decryption key for data decryption processing. The common key used for encryption processing and decryption processing is provided to authorized users, thereby excluding access to the data by unauthorized users without the key. A typical technique of this system is DES (Data Encryption Standard).
The encryption key and the decryption key used in the above-described encryption and decryption processing can be determined by applying a unidirectional function, such as a hash function, based on, for example, a password. The unidirectional function is a function whose input is very difficult to predict from the output. For example, a unidirectional function is applied to a password determined by a user as an input, and an encryption key and a decryption key are generated based on the output. It is, in practice, impossible to predict the password, which is the original data, from the encryption key and the decryption key obtained as described above.
A method in which the encryption processing using an encryption key and the decryption processing using a decryption key are performed with different keys is referred to as a “public key cryptosystem”. A public key cryptosystem is a system using a public key that can be employed by unspecified users, and a document for a specific person is encrypted by using a public key created by this specific person. The document encrypted by the public key can be decrypted only by using a private key corresponding to the public key used for the encryption processing. The private key is possessed only by the person who created the public key, and thus, the document encrypted by this public key can be decrypted only by the person who possesses the private key. Typical techniques used in the public key cryptosystem are an elliptic curve cryptosystem and the RSA (Rivest-Shamir-Adleman) scheme. By using such cryptosystems, it is possible to implement a system in which encrypted content can be decrypted only by authorized users.
The popular configuration of the above-described content usage management system is a configuration in which encrypted content is provided to the users via a network or by storing the content in recording media, such as DVDs or CDs, and a content key for decrypting the encrypted content is provided only to authorized users. A configuration has been suggested in which a content key itself is encrypted for preventing the illegal use thereof and is provided to the authorized users, and the encrypted key is decrypted by using a decryption key possessed only by the authorized users so as to utilize the content key.
Generally, a determination as to whether a user is an authorized user is made by performing authentication processing between a content provider, that is, a content sender, and a user device before distributing content or a content key. In typical authentication processing, the integrities of communication parties are verified, and also, a session key, which is effective only in the authentication communication, is generated. Then, only when authentication is established, is data, for example, content or a content key, encrypted by using the generated session key, and then, communication is performed.
However, in the configuration in which the content or a content key is distributed after checking the users based on such authentication processing, it is necessary for a content key sender to control content usage-right information of each user. That is, for determining whether the user has an authorized content-usage right, the content usage-right information of all the users must be stored in a database to distribute the content or a content key based on the right information.
There is no problem to perform such processing, that is, to check the content-usage rights of the users, if the number of users utilizing the content is limited. With a large number of users, however, the processing load becomes heavy, and the efficiency in distributing the content or a content key is accordingly reduced. Moreover, some users may desire to change conditions, such as period restrictions or usage-number restrictions, which are set as the content usage conditions, after purchasing the content.